Gary O’Neall is a colead of the technical workgroup for SPDX, an open standard for communicating SBOM information, including components, licenses, copyrights, and security references. He has contributed several open source tools including the SPDX Java libraries and tools, which can be found at https://spdx.dev/spdx-tools/. He is also responsible for product development and technology for Source Auditor, Inc., a software and service company helping software companies manage the technical and legal risks of open source software.